API tools faq
paste
Advertisement
Hex00010

updated_info

Hex00010
Jun 21st, 2012
857
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.19 KB | None | 0 0
raw download clone embed print report
  1. User Enumeration Switch -
  2.  
  3.  
  4. Carrier Access -600 Tier 1 Switches If set for Logon permissions
  5.  
  6. If you type in a username it will display Incorrect or Correct
  7.  
  8. Before procedding to the password field
  9.  
  10.  
  11. A Person can detect Usernames on the system through
  12.  
  13. a basic brute force script and output the values into a file I/O etc.......
  14.  
  15.  
  16.  
  17. Also
  18.  
  19.  
  20. There is no Brute Force Security to detect Logins
  21.  
  22. Although there is a Audit trail that shows login information once logged in
  23.  
  24. it does not disconnect you from the service and you can continue bruteforceing
  25. logins
  26.  
  27.  
  28.  
  29.  
  30. By Hex00010
  31.  
  32.  
  33.  
  34.  
  35.  
  36.  
  37. iPump 6400 Series
  38.  
  39.  
  40. You can get the Login Credentials to the Administration page on the iPump 6400 Series
  41.  
  42. by going to
  43.  
  44. /secure/js/login.js
  45.  
  46. Code =
  47.  
  48.  
  49. function Login() {
  50. var done=0;
  51. var username=document.login.username.value;
  52. var password=document.login.password.value;
  53. password=password.toLowerCase();
  54. if (password=="PASSWORD") { window.location="admin.php?user="+username+""; done=1; }
  55. if (password=="PASSWORD") { window.location="playout.php?user="+username+""; done=1; }
  56. if (password=="PASSWORD) { window.location="playlist.php?user="+username+""; done=1; }
  57. if (done==0) { alert("Invalid Login. Please check your password"); document.login.password.value = "";}
  58. }
  59.  
  60.  
  61. iPump 6400 Series when at the login page the field - Username does not apply
  62.  
  63.  
  64. it is there just for the hell of it - the only thing that matters is the password field
  65.  
  66.  
  67. By - Hex00010 - Like a Boss - Runnin Solo since 0011 xD
  68.  
  69. - Not Fot Sale xD
  70.  
  71.  
  72.  
  73.  
  74.  
  75.  
  76. SSL .Gov - Read my other pastebin to get more info on the SSL certs
  77.  
  78. http://www.sendspace.com/file/hwzc8r
  79.  
  80.  
  81.  
  82.  
  83. Atmail - File Permissions Error
  84.  
  85.  
  86.  
  87.  
  88. Powered by Atmail 6.20.8
  89.  
  90.  
  91. /config/dbconfig.ini
  92.  
  93.  
  94. Powered by Atmail
  95. Powered by Atmail 6
  96. Powered by Atmail 6.3.6
  97. Powered by Atmail 6.2
  98. Powered by Atmail 6.3
  99.  
  100.  
  101.  
  102.  
  103.  
  104. E2050 LANHP-IB Config Utility Requires no Auth Login
  105.  
  106.  
  107.  
  108.  
  109.  
  110.  
  111. Techno Vision Security Systems -
  112. %s
  113. http://213.8.130.170/
  114.  
  115. Unhandled exception at 0x73257325 in iexplore.exe: 0xC0000005: Access violation.
  116.  
  117.  
  118. String Format -- %s username field
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!